Lukas Vrabec
2018-08-07 09:19:48 UTC
Hi,
I saw several bugs where boltd daemon runs as unconfined_service_t. I
have prepared new SELinux module for it.
I'll push it to Fedora Rawhide and also Fedora 28 soon. This module will
be in permissive mode, which means policy for boltd won't be enforced by
kernel, just AVCs will be logged even if the whole system will be in
Enforcing state.
If you'll find some AVCs related to boltd, please use this bugzilla[1]
to report them.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1607974.
Thanks,
Lukas.
--
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.
_______________________________________________
selinux mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to selinux-***@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org/message/JRL5KVB
I saw several bugs where boltd daemon runs as unconfined_service_t. I
have prepared new SELinux module for it.
I'll push it to Fedora Rawhide and also Fedora 28 soon. This module will
be in permissive mode, which means policy for boltd won't be enforced by
kernel, just AVCs will be logged even if the whole system will be in
Enforcing state.
If you'll find some AVCs related to boltd, please use this bugzilla[1]
to report them.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1607974.
Thanks,
Lukas.
--
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.
_______________________________________________
selinux mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to selinux-***@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org/message/JRL5KVB